Businesses and governments utilize identity management systems to manage user and device/application identities across multiple systems and applications in order to ensure that unauthorized parties do not access sensitive user communications. Certain identity management solutions rely on a technology known as Public Key Infrastructure (PKI), which enables users to be authenticated to each other by confirming identities issued through a trusted third party entity. Each PKI user is issued both a private key (analogous to code or other identifier that is known only to the user), and a public key, which is disclosed to all users. Central to a PKI system is that the public key be issued by a trusted third party. For example, if user A wishes to send a sensitive message to user B, user A would use user B's public key chained to the trusted third party to encrypt the message, which user B would decrypt with his private key.
Trust is the characteristic that one entity is willing to rely upon a second entity to execute a set of actions and/or to make a set of assertions about a subject. If public keys were not chained to a trusted third party, however, a malicious party could publish a public key purporting to be user B, and thereby intercept messages to user B using the phony public key's private equivalent.
To avoid this problem, institutions known as Certificate Authorities (CA) often serve the role of independent, trusted third parties to issue and manage identity certificates. In addition to encrypting messages (which ensures privacy), user A can authenticate himself to user B by using user A's private key to digitally sign the message and append to the message a digital certificate, signed by a trusted CA, indicating user A's public key. When user B receives the message, she can use user A's public key to decrypt the message, verify the digital signature of user A, and validate user A's public key by confirming with the trusted CA that the digital certificate is valid. Examples of CAs include Identrust, Entrust and VeriSign.
Wireless communication systems have grown dramatically in recent years. For example, numerous businesses, governments and institutions rely heavily on BLACKBERRY mobile devices to communicate. What is needed are more effective security systems to protect the integrity and authenticity of wireless communications and transactions.